kubes 0.3.3 → 0.4.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +29 -0
- data/README.md +6 -5
- data/docs/_docs/ci/cloudbuild.md +2 -0
- data/docs/_docs/config/args.md +10 -0
- data/docs/_docs/config/args/docker.md +19 -0
- data/docs/_docs/config/args/kubectl.md +19 -0
- data/docs/_docs/config/docker.md +4 -40
- data/docs/_docs/config/env.md +1 -1
- data/docs/_docs/config/hooks.md +10 -0
- data/docs/_docs/config/hooks/docker.md +70 -0
- data/docs/_docs/config/hooks/kubectl.md +83 -0
- data/docs/_docs/config/hooks/kubes.md +67 -0
- data/docs/_docs/config/hooks/ruby.md +76 -0
- data/docs/_docs/config/kubectl.md +3 -54
- data/docs/_docs/config/reference.md +20 -0
- data/docs/_docs/config/skip.md +58 -0
- data/docs/_docs/dsl/resources.md +1 -1
- data/docs/_docs/dsl/resources/backend_config.md +1 -1
- data/docs/_docs/helpers.md +3 -2
- data/docs/_docs/intro.md +6 -3
- data/docs/_docs/learn/dsl/review-project.md +4 -2
- data/docs/_docs/learn/yaml/review-project.md +4 -2
- data/docs/_docs/{auto-context.md → misc/auto-context.md} +0 -0
- data/docs/_docs/{kustomize.md → misc/kustomize.md} +0 -0
- data/docs/_docs/misc/separate-steps.md +21 -0
- data/docs/_docs/patterns.md +4 -1
- data/docs/_docs/patterns/clock-web-worker.md +2 -0
- data/docs/_docs/patterns/migrations.md +123 -0
- data/docs/_docs/patterns/secrets.md +82 -0
- data/docs/_includes/config/hooks/options.md +20 -0
- data/docs/_includes/sidebar.html +35 -11
- data/docs/_reference/kubes-exec.md +14 -6
- data/docs/_reference/kubes-init.md +1 -0
- data/docs/_reference/kubes-logs.md +1 -0
- data/docs/_sass/theme.scss +25 -1
- data/kubes.gemspec +3 -0
- data/lib/kubes.rb +3 -0
- data/lib/kubes/cli.rb +20 -5
- data/lib/kubes/cli/apply.rb +2 -1
- data/lib/kubes/cli/base.rb +11 -0
- data/lib/kubes/cli/compile.rb +8 -0
- data/lib/kubes/cli/delete.rb +1 -1
- data/lib/kubes/cli/exec.rb +37 -6
- data/lib/kubes/cli/get.rb +3 -2
- data/lib/kubes/cli/init.rb +39 -2
- data/lib/kubes/cli/logs.rb +29 -4
- data/lib/kubes/cli/prune.rb +95 -0
- data/lib/kubes/compiler.rb +11 -7
- data/lib/kubes/compiler/decorator/base.rb +7 -1
- data/lib/kubes/compiler/decorator/{resources/secret.rb → hashable.rb} +5 -4
- data/lib/kubes/compiler/decorator/hashable/field.rb +53 -0
- data/lib/kubes/compiler/decorator/hashable/storage.rb +19 -0
- data/lib/kubes/compiler/decorator/post.rb +77 -0
- data/lib/kubes/compiler/decorator/pre.rb +12 -0
- data/lib/kubes/compiler/shared/helpers.rb +7 -2
- data/lib/kubes/compiler/strategy.rb +2 -2
- data/lib/kubes/compiler/strategy/base.rb +1 -1
- data/lib/kubes/compiler/strategy/result.rb +4 -6
- data/lib/kubes/config.rb +16 -11
- data/lib/kubes/docker/strategy/build/docker.rb +1 -1
- data/lib/kubes/docker/strategy/build/gcloud.rb +1 -1
- data/lib/kubes/docker/strategy/image_name.rb +1 -1
- data/lib/kubes/docker/strategy/push/docker.rb +1 -1
- data/lib/kubes/docker/strategy/push/gcloud.rb +1 -1
- data/lib/kubes/docker/strategy/utils.rb +1 -1
- data/lib/kubes/hooks/builder.rb +29 -15
- data/lib/kubes/hooks/concern.rb +10 -0
- data/lib/kubes/hooks/dsl.rb +2 -1
- data/lib/kubes/hooks/runner.rb +22 -0
- data/lib/kubes/kubectl.rb +21 -18
- data/lib/kubes/kubectl/batch.rb +8 -5
- data/lib/kubes/kubectl/{decider.rb → dispatcher.rb} +1 -1
- data/lib/kubes/kubectl/fetch/base.rb +13 -10
- data/lib/kubes/kubectl/fetch/deployment.rb +12 -13
- data/lib/kubes/kubectl/fetch/pods.rb +4 -15
- data/lib/kubes/kubectl/kustomize.rb +1 -1
- data/lib/kubes/kubectl/ordering.rb +12 -0
- data/lib/kubes/util/consider.rb +2 -1
- data/lib/kubes/util/sh.rb +1 -1
- data/lib/kubes/version.rb +1 -1
- data/lib/templates/dsl/.kubes/resources/base/all.rb.tt +6 -1
- data/lib/templates/dsl/.kubes/resources/shared/namespace.rb.tt +1 -1
- data/lib/templates/dsl/.kubes/resources/web/deployment.rb +1 -1
- data/lib/templates/yaml/.kubes/resources/base/all.yaml.tt +1 -1
- data/lib/templates/yaml/.kubes/resources/shared/namespace.yaml.tt +1 -1
- data/lib/templates/yaml/.kubes/resources/web/deployment.yaml.tt +1 -1
- data/spec/fixtures/decorators/deployment/both/envFrom.yaml +31 -0
- data/spec/fixtures/decorators/deployment/both/valueFrom.yaml +33 -0
- data/spec/fixtures/decorators/deployment/both/volumes.yaml +40 -0
- data/spec/fixtures/prune/capture.yaml +57 -0
- data/spec/fixtures/prune/fetch_items.yaml +268 -0
- data/spec/kubes/cli/prune_spec.rb +38 -0
- data/spec/kubes/compiler/decorator/{resources → post}/deployment_spec.rb +52 -6
- data/spec/kubes/compiler/decorator/{resources → post}/pod_spec.rb +2 -11
- metadata +57 -19
- data/lib/kubes/compiler/decorator.rb +0 -17
- data/lib/kubes/compiler/decorator/compile.rb +0 -12
- data/lib/kubes/compiler/decorator/resources/base.rb +0 -13
- data/lib/kubes/compiler/decorator/resources/container.rb +0 -76
- data/lib/kubes/compiler/decorator/resources/container/mapping.rb +0 -28
- data/lib/kubes/compiler/decorator/resources/deployment.rb +0 -10
- data/lib/kubes/compiler/decorator/resources/pod.rb +0 -10
- data/lib/kubes/compiler/decorator/write.rb +0 -14
- data/lib/kubes/docker/strategy/hooks.rb +0 -9
@@ -1,61 +1,10 @@
|
|
1
1
|
---
|
2
|
-
title: Kubectl
|
2
|
+
title: Kubectl Customizations
|
3
3
|
---
|
4
4
|
|
5
5
|
## General
|
6
6
|
|
7
7
|
Kubes calls out the `kubectl` command. You can customize the command.
|
8
8
|
|
9
|
-
|
10
|
-
|
11
|
-
Here are some examples of customizing the kubectl args.
|
12
|
-
|
13
|
-
.kubes/config/kubectl/args.rb
|
14
|
-
|
15
|
-
```ruby
|
16
|
-
command("apply",
|
17
|
-
args: ["--validate=true"],
|
18
|
-
)
|
19
|
-
|
20
|
-
command("delete",
|
21
|
-
args: ["--grace-period=-1"],
|
22
|
-
)
|
23
|
-
```
|
24
|
-
|
25
|
-
## Hooks
|
26
|
-
|
27
|
-
Here are some examples of running custom hooks before and after the kubectl commands.
|
28
|
-
|
29
|
-
.kubes/config/kubectl/hooks.rb
|
30
|
-
|
31
|
-
```ruby
|
32
|
-
before("apply",
|
33
|
-
execute: "kubectl apply -f .kubes/shared/namespace.yaml",
|
34
|
-
)
|
35
|
-
|
36
|
-
after("delete",
|
37
|
-
execute: "echo 'delete hook',
|
38
|
-
)
|
39
|
-
```
|
40
|
-
|
41
|
-
You can use hooks to do things that may not make sense to do in the `.kubes/resources` definition. Here's an example of automatically creating the namespace.
|
42
|
-
|
43
|
-
.kubes/shared/namespace.yaml
|
44
|
-
|
45
|
-
```yaml
|
46
|
-
apiVersion: v1
|
47
|
-
kind: Namespace
|
48
|
-
metadata:
|
49
|
-
name: demo
|
50
|
-
```
|
51
|
-
|
52
|
-
### exit on fail
|
53
|
-
|
54
|
-
By default, if the hook commands fail, then terraspace will exit with the original hook error code. You can change this behavior with the `exit_on_fail` option.
|
55
|
-
|
56
|
-
```ruby
|
57
|
-
before("apply"
|
58
|
-
execute: "/command/will/fail/but/will/continue",
|
59
|
-
exit_on_fail: false,
|
60
|
-
)
|
61
|
-
```
|
9
|
+
* [Args]({% link _docs/config/args/kubectl.md %}): Customize the CLI args.
|
10
|
+
* [Hooks]({% link _docs/config/hooks/kubectl.md %}): Run hooks before and after the kubectl commands.
|
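Review bot: the examples removed here were broken (old line 37 `execute: "echo 'delete hook',` has an unterminated string, old line 57 `before("apply"` is missing its trailing comma, and old line 54 says "terraspace" instead of Kubes), so confirm the relocated copies in `_docs/config/hooks/kubectl.md` were corrected rather than moved verbatim. The two new bullets at new lines 9-10 are fine as an index.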
@@ -0,0 +1,20 @@
|
|
1
|
+
---
|
2
|
+
title: Config Reference
|
3
|
+
---
|
4
|
+
|
5
|
+
Name | Description | Default
|
6
|
+
---|---|---
|
7
|
+
auto_prune | Prune and delete old hashed resources like Secret and ConfigMap. | true
|
8
|
+
builder | What docker build command to use. Can use `docker` or `gcloud` to build the Docker image. | docker
|
9
|
+
kubectl.context | What kubectl context to auto-switch to. | nil
|
10
|
+
kubectl.context_keep | Whether or not to keep the context switched | true
|
11
|
+
kubectl.exit_on_fail.apply | Whether or not continue if the `kubectl apply` fails. Note, can use `KUBES_EXIT_ON_FAIL=0` env var to set to false. | true
|
12
|
+
kubectl.exit_on_fail.delete | Whether or not continue if the `kubectl delete` fails. | false
|
13
|
+
kubectl.order.kinds | Change ordering for Kubernetes Kinds. | See [source code](https://github.com/boltops-tools/kubes/blob/master/lib/kubes/config.rb#L52)
|
14
|
+
kubectl.order.roles | Change ordering for Kubes Roles. | See [source code](https://github.com/boltops-tools/kubes/blob/master/lib/kubes/config.rb#L44)
|
15
|
+
logger | Logger object | Logger.new($stdout)
|
16
|
+
logger.level | Logger level. Can also be set with `KUBES_LOG_LEVEL` env var | info
|
17
|
+
repo | The Docker repo to use. Required to be set. | nil
|
18
|
+
skip | List of resources to skip. Can also be set with the `KUBES_SKIP` env var. `KUBES_SKIP` should be a list of strings separated by spaces. It adds onto the `config.skip` option. | []
|
19
|
+
state.docker_image_path | Where to store the state file with the last build Docker image. | .kubes/state/docker_image.txt
|
20
|
+
suffix_hash | Whether or not to append suffix hash to ConfigMap and Secret | true
|
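Review bot: the descriptions of `kubectl.exit_on_fail.apply` and `kubectl.exit_on_fail.delete` at new lines 11-12 read "Whether or not continue if ... fails", which is the inverse of the option name, so with defaults of `true` and `false` a reader cannot tell which value stops the deploy. Reword to "Whether or not to exit when `kubectl apply` fails" (and likewise for delete). For `auto_prune` at new line 7, which defaults to `true` and deletes Secrets and ConfigMaps, say how Kubes decides a hashed resource is "old".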
@@ -0,0 +1,58 @@
|
|
1
|
+
---
|
2
|
+
title: Skip Option
|
3
|
+
---
|
4
|
+
|
5
|
+
You can tell Kubes to skip resources to deploy. This can useful if you want to still resources with Kubes and have it compile `.kubes/output` files, but wish to deploy them outside of Kubes manually.
|
6
|
+
|
7
|
+
## Example
|
8
|
+
|
9
|
+
Here's an example with a Job.
|
10
|
+
|
11
|
+
.kubes/resources/cleanup/job.yaml:
|
12
|
+
|
13
|
+
```yaml
|
14
|
+
apiVersion: batch/v1
|
15
|
+
kind: Job
|
16
|
+
metadata:
|
17
|
+
name: cleanup
|
18
|
+
spec:
|
19
|
+
template:
|
20
|
+
spec:
|
21
|
+
containers:
|
22
|
+
- name: cleanup
|
23
|
+
image: <%= built_image %>
|
24
|
+
command: ["bin/cleanup.sh"]
|
25
|
+
restartPolicy: Never
|
26
|
+
```
|
27
|
+
|
28
|
+
To skip the cleanup job, use the `config.skip` option:
|
29
|
+
|
30
|
+
```ruby
|
31
|
+
Kubes.configure do |config|
|
32
|
+
config.skip = ["cleanup/job"]
|
33
|
+
end
|
34
|
+
```
|
35
|
+
|
36
|
+
Now when you deploy, the `cleanup/job` resource will not be deployed:
|
37
|
+
|
38
|
+
kubes deploy # deploys everything except cleanup/job
|
39
|
+
|
40
|
+
## Deploy Outside of Kubes
|
41
|
+
|
42
|
+
Then to deploy outside of kubes.
|
43
|
+
|
44
|
+
$ kubes compile # not necessary if already ran: kubes deploy
|
45
|
+
Compiled .kubes/resources files to .kubes/output
|
46
|
+
$ kubectl apply -f .kubes/output/cleanup/job.yaml
|
47
|
+
job.batch/cleanup created
|
48
|
+
$ kubectl delete -f .kubes/output/cleanup/job.yaml
|
49
|
+
job.batch "cleanup" deleted
|
50
|
+
$
|
51
|
+
|
52
|
+
## Env Var KUBES_SKIP
|
53
|
+
|
54
|
+
You can also us ethe `KUBES_SKIP` env var. It takes list of strings separated by a space. It adds onto the `config.skip` option. Example:
|
55
|
+
|
56
|
+
KUBES_SKIP="cleanup/job" kubes delete
|
57
|
+
|
58
|
+
This can be useful for one-off use cases.
|
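Review bot: new line 5 has dropped words ("This can useful if you want to still resources with Kubes") and new line 54 has "us ethe"; suggest "This can be useful if you still want to define resources with Kubes and have it compile the `.kubes/output` files, but deploy them manually outside of Kubes" and "You can also use the `KUBES_SKIP` env var". The `Kubes.configure` snippet at new lines 31-33 is the only example on the page without a file path above it; name the config file it belongs in.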
data/docs/_docs/dsl/resources.md
CHANGED
@@ -6,7 +6,7 @@ Here's a list of the resources supported by the Kubes DSL.
|
|
6
6
|
|
7
7
|
{% assign docs = site.docs | where: "categories","dsl" %}
|
8
8
|
{% for doc in docs -%}
|
9
|
-
* [{{ doc.
|
9
|
+
* [{{ doc.nav_text }}]({{ doc.url }})
|
10
10
|
{% endfor %}
|
11
11
|
|
12
12
|
For resources, that are not supported, you can use the [Generic resource]({% link _docs/dsl/resources/generic.md %}) or use [YAML]({% link _docs/yaml.md %}) instead. You can use a mix of DSL and YAML definitions in the `.kubes/resources` folder.
|
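Review bot: new line 9 switches the link text to `doc.nav_text`, which renders an empty link for any `dsl` doc whose front matter lacks `nav_text`; the patterns index added in this same release uses `doc.title`. Either confirm every doc in the `dsl` category sets `nav_text`, or fall back with `{{ doc.nav_text | default: doc.title }}`.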
@@ -3,7 +3,7 @@ title: BackendConfig
|
|
3
3
|
categories: dsl
|
4
4
|
---
|
5
5
|
|
6
|
-
A BackendConfig is [custom resource definitions (CRDs)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) that allow you to further customize the load balancer.
|
6
|
+
A [BackendConfig](https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#create_backendconfig) is [custom resource definitions (CRDs)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) that allow you to further customize the load balancer.
|
7
7
|
|
8
8
|
Here's an example of a BackendConfig.
|
9
9
|
|
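Review bot: new line 6 keeps the number mismatch from the old sentence ("A BackendConfig is custom resource definitions (CRDs) that allow"); since the line is being touched anyway, make it "A BackendConfig is a custom resource definition (CRD) that allows you to further customize the load balancer."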
data/docs/_docs/helpers.md
CHANGED
@@ -7,12 +7,13 @@ Kubes provides some helper methods to help write Kubernetes YAML files. Here's
|
|
7
7
|
Helper | Description
|
8
8
|
--- | ---
|
9
9
|
built_image | Method refers to the latest Docker image built by Kubes. This spares you from having to update the image manually in the deployment resource.
|
10
|
+
decode64 | Basey64d decode a string.
|
10
11
|
dockerfile_port | Exposed port extracted from the Dockerfile of the project.
|
12
|
+
encode64 | Basey64 encode a string. Also available as `base64` method.
|
11
13
|
extra | The `KUBES_EXTRA` value.
|
12
14
|
with_extra | Appends the `KUBES_EXTRA` value to a string if it's set. It's covered in the [Extra Env Docs]({% link _docs/extra-env.md %}).
|
13
15
|
|
14
|
-
Here's also the source code with the helpers: [helpers.rb](https://github.com/boltops-tools/kubes/blob/master/lib/kubes/compiler/shared/helpers.rb).
|
15
|
-
|
16
|
+
Here's also the source code with most of the helpers: [helpers.rb](https://github.com/boltops-tools/kubes/blob/master/lib/kubes/compiler/shared/helpers.rb).
|
16
17
|
|
17
18
|
## DSL Specific Methods
|
18
19
|
|
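Review bot: both new table rows misspell Base64: new line 10 has "Basey64d decode a string." and new line 12 has "Basey64 encode a string." Use "Base64 decode a string." and "Base64 encode a string." Since new line 16 now says the linked file holds only "most of the helpers", say where the remaining ones are defined.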
data/docs/_docs/intro.md
CHANGED
@@ -4,12 +4,15 @@ title: What is Kubes?
|
|
4
4
|
|
5
5
|
{% include reference.md %}
|
6
6
|
|
7
|
+
<div class="video-box"><div class="video-container"><iframe src="https://www.youtube.com/embed/M4zHL0mfKNU" frameborder="0" allowfullscreen=""></iframe></div></div>
|
8
|
+
|
7
9
|
## Features:
|
8
10
|
|
9
11
|
* Automation: [Builds the Docker image]({% link _docs/config/docker.md %}) and updates the compiled YAML files
|
10
12
|
* Syntactic Sugar: Use an [ERB/YAML]({% link _docs/yaml.md %}) or a [DSL]({% link _docs/dsl.md %}) to write your Kubernetes YAML files. You can use a mix of DSL and YAML definitions in the `.kubes/resources` folder.
|
11
13
|
* Layering: Use the same Kubernetes YAML to build multiple environments like dev and prod with [layering]({% link _docs/layering.md %}).
|
12
|
-
* CLI Customizations: You can customize the [cli args]({% link _docs/config/kubectl.md %}). You can also run hooks before and after kubectl commands.
|
14
|
+
* CLI Customizations: You can customize the [cli args]({% link _docs/config/args/kubectl.md %}). You can also run [hooks]({% link _docs/config/hooks/kubectl.md %}) before and after kubectl commands.
|
13
15
|
* Automated Suffix Hashes: Automatically appends a suffix hash to ConfigMap and Secret resources. More details in [ConfigMap]({% link _docs/dsl/resources/config_map.md %}) and [Secret]({% link _docs/dsl/resources/secret.md %}) docs.
|
14
|
-
* Kustomize Support: If you’re a kustomization user, you can use it with Kubes. More details in [Kustomize Support Docs]({% link _docs/kustomize.md %}).
|
15
|
-
* Auto Context Switching: Map dev to a specific kubectl context and prod to another kubectl context and Kubes can switch them automatically so you won't have to remember. More details in [Auto Context Docs]({% link _docs/auto-context.md %}).
|
16
|
+
* Kustomize Support: If you’re a kustomization user, you can use it with Kubes. More details in [Kustomize Support Docs]({% link _docs/misc/kustomize.md %}).
|
17
|
+
* Auto Context Switching: Map dev to a specific kubectl context and prod to another kubectl context and Kubes can switch them automatically so you won't have to remember. More details in [Auto Context Docs]({% link _docs/misc/auto-context.md %}).
|
18
|
+
* Ordering: Kubes run kubectl apply to create resources in the [correct order]({% link _docs/intro/ordering.md %}). For deleting, it kubes will run `kubectl delete` in the correct reverse order. The order is also [customizable]({% link _docs/intro/ordering/custom.md %}).
|
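Review bot: the Ordering bullet at new line 18 links to `_docs/intro/ordering.md` and `_docs/intro/ordering/custom.md`, and neither file appears in this diff's file list; Jekyll's `{% link %}` tag fails the build on a missing target, so confirm both pages already exist. The same line also needs a grammar pass ("Kubes run kubectl apply", "it kubes will run"). The iframe added at new line 7 has no `title` attribute, which screen readers rely on to describe the embed.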
@@ -11,10 +11,12 @@ We'll create a namespace for the app resources:
|
|
11
11
|
.kubes/resources/shared/namespace.rb
|
12
12
|
|
13
13
|
```ruby
|
14
|
-
name "demo"
|
14
|
+
name "demo-#{Kubes.env}"
|
15
15
|
labels(app: "demo")
|
16
16
|
```
|
17
17
|
|
18
|
+
Notice, the `#{Kubes.env}`. Kubes adds the env to the namespace by default. You can change this with the `init --namespace` option.
|
19
|
+
|
18
20
|
## Deployment
|
19
21
|
|
20
22
|
The `web/deployment.rb` file is a little more interesting:
|
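Review bot: new line 14 interpolates `Kubes.env` into the namespace name, but the explanation at new line 18 does not say that the result must still be a valid Kubernetes namespace name (lowercase alphanumerics and `-`, at most 63 characters). Add that, so an env value such as `Prod` or `dev_1` is understood to fail at `kubectl apply`, and state whether `init --namespace` replaces the whole name or only the `demo` prefix.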
@@ -39,7 +41,7 @@ Also let's check the files in the base folder.
|
|
39
41
|
.kubes/resources/base/all.rb
|
40
42
|
|
41
43
|
```ruby
|
42
|
-
namespace "
|
44
|
+
namespace "demo-#{Kubes.env}"
|
43
45
|
labels(app: "demo")
|
44
46
|
```
|
45
47
|
|
@@ -14,11 +14,13 @@ We'll create a namespace for the app resources:
|
|
14
14
|
apiVersion: v1
|
15
15
|
kind: Namespace
|
16
16
|
metadata:
|
17
|
-
name: demo
|
17
|
+
name: demo-<%= Kubes.env %>
|
18
18
|
labels:
|
19
19
|
app: demo
|
20
20
|
```
|
21
21
|
|
22
|
+
Notice, the `<%= Kubes.env %>`. Kubes adds the env to the namespace by default. You can change this with the `init --namespace` option.
|
23
|
+
|
22
24
|
## Deployment
|
23
25
|
|
24
26
|
The `web/deployment.yaml` file is a little more interesting:
|
@@ -57,7 +59,7 @@ Also let's check the files in the base folder.
|
|
57
59
|
|
58
60
|
```yaml
|
59
61
|
metadata:
|
60
|
-
namespace: demo
|
62
|
+
namespace: demo-<%= Kubes.env %>
|
61
63
|
```
|
62
64
|
|
63
65
|
.kubes/resources/base/deployment.yaml
|
File without changes
|
File without changes
|
@@ -0,0 +1,21 @@
|
|
1
|
+
---
|
2
|
+
title: Separate Steps
|
3
|
+
---
|
4
|
+
|
5
|
+
Sometimes you may want to run the 3 separate kubes steps directly. This may be useful if you are setting up CI/CD and need more control over the build process. Here are the 3 main steps:
|
6
|
+
|
7
|
+
To build and push the docker image:
|
8
|
+
|
9
|
+
kubes docker build
|
10
|
+
kubes docker push
|
11
|
+
|
12
|
+
Note, you must run a `kubes docker build` at least once. As the build step will store the image name in a `.kubes/state/docker_image.txt ` file for later use.
|
13
|
+
|
14
|
+
To compile the Kubernetes YAML files.
|
15
|
+
|
16
|
+
kubes compile
|
17
|
+
|
18
|
+
To apply the Kubernetes YAML files in the correct order and create resources on the cluster:
|
19
|
+
|
20
|
+
kubes apply
|
21
|
+
|
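Review bot: new line 12 says the image name is read back from `.kubes/state/docker_image.txt`, yet the page is aimed at CI/CD, where build and compile often run on separate runners; state that the file has to be carried between jobs (artifact or cache) or `kubes compile` will not find the built image. The same line has a stray space inside the backticks (`.kubes/state/docker_image.txt `) and a sentence fragment beginning "As the build step will store", which reads better joined to the previous sentence with "because".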
data/docs/_docs/patterns.md
CHANGED
@@ -4,4 +4,7 @@ title: Patterns
|
|
4
4
|
|
5
5
|
We'll cover some common deployment patterns here:
|
6
6
|
|
7
|
-
|
7
|
+
{% assign docs = site.docs | where: "categories","patterns" %}
|
8
|
+
{% for doc in docs -%}
|
9
|
+
* [{{ doc.title }}]({{ doc.url }})
|
10
|
+
{% endfor %}
|
@@ -0,0 +1,123 @@
|
|
1
|
+
---
|
2
|
+
title: Database Migrations
|
3
|
+
nav_text: Database Migrations
|
4
|
+
categories: patterns
|
5
|
+
---
|
6
|
+
|
7
|
+
A common task is to run database migrations. You can use Kubes hooks to achieve this as part of the `kubes deploy` process.
|
8
|
+
|
9
|
+
1. Create Migrate Job YAML
|
10
|
+
2. Set up Kubes Hooks
|
11
|
+
|
12
|
+
## 1. Create Migrate Job YAML
|
13
|
+
|
14
|
+
First, let's create the migrate job YAML. Here's a starter example:
|
15
|
+
|
16
|
+
.kubes/resources/migrate/job.yaml
|
17
|
+
|
18
|
+
```yaml
|
19
|
+
apiVersion: batch/v1
|
20
|
+
kind: Job
|
21
|
+
metadata:
|
22
|
+
name: migrate
|
23
|
+
spec:
|
24
|
+
template:
|
25
|
+
spec:
|
26
|
+
containers:
|
27
|
+
- name: migrate
|
28
|
+
image: <%= built_image %>
|
29
|
+
command: ["bin/job/migrate.sh"]
|
30
|
+
restartPolicy: Never
|
31
|
+
backoffLimit: 4
|
32
|
+
```
|
33
|
+
|
34
|
+
The Kubernetes job calls a `job/migrate.sh` script. Something like this:
|
35
|
+
|
36
|
+
bin/job/migrate.sh
|
37
|
+
|
38
|
+
#!/bin/bash
|
39
|
+
rails db:migrate
|
40
|
+
|
41
|
+
## 2. Set up Kubes Hooks
|
42
|
+
|
43
|
+
Set up the [kubes hooks]({% link _docs/config/hooks/kubectl.md %}) to help the migrate job run properly.
|
44
|
+
|
45
|
+
.kubes/config/hooks/kubectl.rb
|
46
|
+
|
47
|
+
```ruby
|
48
|
+
before("apply",
|
49
|
+
on: "migrate/job",
|
50
|
+
execute: "bin/hooks/migrate/delete.sh",
|
51
|
+
exit_on_fail: false,
|
52
|
+
)
|
53
|
+
|
54
|
+
after("apply",
|
55
|
+
on: "migrate/job",
|
56
|
+
execute: "bin/hooks/migrate/wait.sh",
|
57
|
+
)
|
58
|
+
```
|
59
|
+
|
60
|
+
Here's what the `bin/hook/migrate` scripts could look like:
|
61
|
+
|
62
|
+
bin/hooks/migrate/delete.sh
|
63
|
+
|
64
|
+
#!/bin/bash
|
65
|
+
kubectl delete job/migrate
|
66
|
+
|
67
|
+
bin/hooks/migrate/wait.sh
|
68
|
+
|
69
|
+
#!/bin/bash
|
70
|
+
kubectl wait --for=condition=Complete job/migrate --timeout=300s
|
71
|
+
|
72
|
+
The `migrate/delete.sh` script first cleans up old migrate jobs that may have been previously created.
|
73
|
+
|
74
|
+
The `migrate/wait.sh` script waits until the migration job finishes before continuing. Note, the default timeout is 30s, which may not be long enough for your migrations to finish, so we set it to 300s. The `kubectl wait` only returns if the migrate job finishes successfully. If the job fails after it exhausts all its retries, default 6, then you'll see an error like this:
|
75
|
+
|
76
|
+
+ kubectl wait --for=condition=Complete job/migrate --timeout=30s
|
77
|
+
error: timed out waiting for the condition on jobs/migrate
|
78
|
+
ERROR: running bin/hooks/migrate.sh
|
79
|
+
|
80
|
+
There is also an [migration-example](https://github.com/boltops-tools/kubes-examples/tree/master/yaml/migration-example) repo with a smarter version of the wait script.
|
81
|
+
|
82
|
+
## Example Deploy
|
83
|
+
|
84
|
+
Once that is set up, a `kubes deploy` will automatically run migrations. Here's an example deploy:
|
85
|
+
|
86
|
+
$ kubes deploy
|
87
|
+
=> kubectl apply -f .kubes/output/shared/namespace.yaml
|
88
|
+
=> bin/hooks/migrate/delete.sh
|
89
|
+
job.batch "migrate" deleted
|
90
|
+
=> kubectl apply -f .kubes/output/migrate/job.yaml
|
91
|
+
job.batch/migrate created
|
92
|
+
Running hook: after apply on: migrate/job
|
93
|
+
=> bin/hooks/migrate/wait.sh
|
94
|
+
Sun Oct 11 03:22:35 UTC 2020
|
95
|
+
Migration complete
|
96
|
+
=> kubectl apply -f .kubes/output/web/service.yaml
|
97
|
+
service/web unchanged
|
98
|
+
=> kubectl apply -f .kubes/output/web/deployment.yaml
|
99
|
+
deployment.apps/web configured
|
100
|
+
$
|
101
|
+
|
102
|
+
## To Couple or Not to Couple?
|
103
|
+
|
104
|
+
While some companies prefer running the migration step as a part of the app deploy, some prefer to separate it out as a discrete step. Usually, the separate step is still called as part of a pipeline.
|
105
|
+
|
106
|
+
In practice, the decision usually comes down to:
|
107
|
+
|
108
|
+
* The size of your database. If your database is large and the migrations take a long time to run. It makes sense to separate it out.
|
109
|
+
* The risk tolerance of database migration operations. If it's quite risky to run DB migrations, you may want to separate it as discrete step so a human can review it.
|
110
|
+
|
111
|
+
For small apps and databases, it's often pragmatic to just run everything in a single step for simplicity.
|
112
|
+
|
113
|
+
## Migration as Separate Step
|
114
|
+
|
115
|
+
If you would like it to run it as a discrete step, remove the hook in `.kubes/config/hooks/kubectl.rb`, and run it as a separate script like so:
|
116
|
+
|
117
|
+
bin/run/migrate.sh
|
118
|
+
|
119
|
+
#!/bin/bash
|
120
|
+
kubes compile
|
121
|
+
bin/hooks/migrate/delete.sh
|
122
|
+
bin/job/migrate.sh
|
123
|
+
bin/hooks/migrate/wait.sh
|
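Review bot: the `bin/run/migrate.sh` script at new lines 119-123 calls `bin/job/migrate.sh`, which new lines 36-39 define as the in-container script (`rails db:migrate`), so no Job is created and `wait.sh` then waits on a `job/migrate` that `delete.sh` has just removed; that step should be `kubectl apply -f .kubes/output/migrate/job.yaml`. New line 74 cites a default of 6 retries while the manifest sets `backoffLimit: 4` at new line 31, the sample error at new lines 76-78 shows `--timeout=30s` and `bin/hooks/migrate.sh` rather than the 300s and `bin/hooks/migrate/wait.sh` used above, and new line 60 says `bin/hook/migrate` for `bin/hooks/migrate`. In `delete.sh`, using `kubectl delete job/migrate --ignore-not-found` would let the before hook drop `exit_on_fail: false`, so a real delete failure still stops the deploy.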
@@ -0,0 +1,82 @@
|
|
1
|
+
---
|
2
|
+
title: Secrets
|
3
|
+
nav_text: Secrets
|
4
|
+
categories: patterns
|
5
|
+
---
|
6
|
+
|
7
|
+
A Google Secrets helper is currently supported.
|
8
|
+
|
9
|
+
## Set Up Kubes Hook
|
10
|
+
|
11
|
+
Set up a [Kubes hook]({% link _docs/config/hooks/kubes.md %}).
|
12
|
+
|
13
|
+
.kubes/config/hooks/kubes.rb
|
14
|
+
|
15
|
+
```ruby
|
16
|
+
before("compile",
|
17
|
+
execute: KubesGoogle::Secrets.new(upcase: true, prefix: 'projects/686010496118/secrets/demo-dev-')
|
18
|
+
)
|
19
|
+
```
|
20
|
+
|
21
|
+
Then set the secrets in the YAML:
|
22
|
+
|
23
|
+
.kubes/resources/shared/secret.yaml
|
24
|
+
|
25
|
+
```yaml
|
26
|
+
apiVersion: v1
|
27
|
+
kind: Secret
|
28
|
+
metadata:
|
29
|
+
name: demo
|
30
|
+
labels:
|
31
|
+
app: demo
|
32
|
+
data:
|
33
|
+
<% KubesGoogle::Secrets.data.each do |k,v| -%>
|
34
|
+
<%= k %>: <%= base64(v) %>
|
35
|
+
<% end -%>
|
36
|
+
```
|
37
|
+
|
38
|
+
This results in Google secrets with the prefix the `demo-dev-` being added to the Kubernetes secret data. The values are base64 encoded.
|
39
|
+
|
40
|
+
For example if you have these secret values:
|
41
|
+
|
42
|
+
$ gcloud secrets versions access latest --secret demo-dev-db_user
|
43
|
+
test1
|
44
|
+
$ gcloud secrets versions access latest --secret demo-dev-db_pass
|
45
|
+
test2
|
46
|
+
$
|
47
|
+
|
48
|
+
The compiled secrets.yaml looks like this:
|
49
|
+
|
50
|
+
.kubes/output/shared/secret.yaml
|
51
|
+
|
52
|
+
```yaml
|
53
|
+
metadata:
|
54
|
+
namespace: demo
|
55
|
+
name: demo-2a78a13682
|
56
|
+
labels:
|
57
|
+
app: demo
|
58
|
+
apiVersion: v1
|
59
|
+
kind: Secret
|
60
|
+
data:
|
61
|
+
db_pass: dGVzdDEK
|
62
|
+
db_user: dGVzdDIK
|
63
|
+
```
|
64
|
+
|
65
|
+
These environment variables can be set:
|
66
|
+
|
67
|
+
Name | Description
|
68
|
+
---|---
|
69
|
+
GCP_SECRET_PREFIX | Prefixed used to list and filter Google secrets. IE: `projects/686010496118/secrets/demo-dev-`.
|
70
|
+
GOOGLE_PROJECT | Google project id.
|
71
|
+
|
72
|
+
Secrets#initialize options:
|
73
|
+
|
74
|
+
Variable | Description | Default
|
75
|
+
---|---|---
|
76
|
+
base64 | Automatically base64 encode the values. | false
|
77
|
+
upcase | Automatically upcase the Kubernetes secret data keys. | false
|
78
|
+
prefix | Prefixed used to list and filter Google secrets. IE: `projects/686010496118/secrets/demo-dev-`. Can also be set with the `GCP_SECRET_PREFIX` env variable. The env variable takes the highest precedence. | nil
|
79
|
+
|
80
|
+
Note, Kubernetes secrets are only base64 encoded. So users who have access to read Kubernetes secrets will be able to decode and get the value trivially. Depending on your security posture requirements, this may or may not suffice.
|
81
|
+
|
82
|
+
The Google helpers are provided by the [boltops-tools/kubes_google](https://github.com/boltops-tools/kubes_google) library. For more details, check out its README.
|
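Review bot: the compiled output at new lines 61-62 does not match the inputs at new lines 42-45: `dGVzdDEK` decodes to `test1` plus a newline but is listed under `db_pass`, `dGVzdDIK` (`test2` plus a newline) is listed under `db_user`, and the keys are lowercase although the hook at new line 17 passes `upcase: true`. Swap the values, show the keys as the hook would emit them, and say whether the trailing newline is really part of the stored value, since a password carrying a stray newline is a common cause of authentication failures. The page should also state that `.kubes/output/shared/secret.yaml` holds the decodable values on disk and should stay out of version control and CI artifacts, and clarify that the `base64` option at new line 76 is not meant to be combined with the `base64(v)` call in the template at new line 34, which appears to encode twice.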